US20060107320A1 - Secure boot scheme from external memory using internal memory - Google Patents
Secure boot scheme from external memory using internal memory
- Publication number
- US20060107320A1
- Authority
- US
- United States
- Prior art keywords
- storage
- memory
- identifier
- instructions
- processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Definitions
- Processing system 100 may interact with storage 340 (if present) and/or tuner 320 and/or network interface 310 to store and/or play media information in accordance with, for example, kernel and/or applications 190.
- Processing system 100 may, for example, play or store media information to/from “local” storage 340 and/or tuner 320. In some cases, however, processing system 100 may play media information from, or store media information to, remote media systems via network interface 310, as will be described in further detail below.
- Processing system 100 may also perform other associated tasks in accordance with kernel and/or applications 190, such as encoding or decoding of media information before and/or after storage in storage 340 or transfer via network interface 310.
- Processing system 100 may convert media information to or from various formats, such as MPEG-1, MPEG-2, MPEG-4 (from the Moving Picture Experts Group), or any other known or later-developed media format.
- Processing system 100 may also control which channels of information in the media stream are selected by tuner 320.
- Storage 340 may include a solid-state, magnetic or optical storage medium, examples of which may include semiconductor-based memory, magnetic hard disks, optical disks, etc. Storage 340 may be arranged to store instructions and/or programs for execution by processing system 100, as well as data products of the instructions and/or programs. Storage 340 may include random access memory (RAM), read only memory (ROM), flash memory, and may include other types of storage media, such as magnetic hard drives and (read-only or writable) optical media (e.g., compact discs (CDs), digital versatile discs (DVDs), etc.) and their associated optical drives.
- User interface 350 may be arranged to supply input to a program on processing system 100 from a user.
- User interface 350 may include, for example, a keyboard, mouse, remote control, multi-purpose controller or similar device. Although shown directly connected to processing system 100 in FIG. 3, user interface 350 may, in some implementations, be functionally connected to processing system 100 via an intermediate device, such as display 330.
- Although processor 120, boot storage 130, and ID storage 140 have been described as being in a single package 110, one or more of these elements may be implemented in separate physical packages if desired.
- Although boot storage 130 and/or ID storage 140 have been described as read-only and/or OTP, in some implementations one or more of storages 130 and 140 may be writable and/or programmable more than once.
- Boot storage 130 and/or ID storage 140 may be logical portions of the same physical storage device or structure.
- In some implementations, some or all of boot code 180 may reside in boot storage 130, instead of in memory 160.
- Although the loading of unique ID 170 into ID storage 140 has been described as happening on the first boot of processor 120 during manufacturing, this need not necessarily be the case. For example, in some implementations such loading of unique ID 170 may happen during second or subsequent boots of processor 120, perhaps in a deliberate operation, rather than automatically on first boot. Also, such loading of unique ID 170 need not necessarily be performed by the manufacturer of processor system 100, but rather may be performed by another entity, such as an integrator of system 100 (e.g., into system 300), and/or by a service provider at a later time.
- The term “one time programmable” may refer to a certain element within a storage device, and not necessarily to the number of storage operations that may be performed to that device. For example, some percentage of the “one time programmable” elements in a device may be programmed at a certain time, and a remaining percentage of the “one time programmable” elements in the device may be programmed at a later time.
- The acts in FIG. 2 need not be implemented in the order shown; nor do all of the acts necessarily need to be performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. Further, at least some of the acts in this figure may be implemented as instructions, or groups of instructions, implemented in a machine-readable medium.
Description
- Implementations of the claimed invention generally may relate to security verification and, more particularly, to preventing software modification via secure booting.
- In certain applications, it may be desirable to prevent unauthorized modification of software, for example to protect high-value content and/or service provider revenue. One scheme that has been proposed to prevent such unauthorized modification is to “securely boot” from a trusted (e.g., assumed uncorrupted) source to ensure that software is not or has not been modified. Such secure booting may ensure data security itself, or it may trigger subsequent verification in a so-called “chain of trust.”
- One way to design a secure boot scheme may be for a processor to read trusted boot code from an external memory device, such as non-volatile, flash-type memory. Such boot code may reside, for example, in a one-time programmable (OTP) area of the external memory device. Such one-time programmability may prevent overwriting of the trusted boot code.
- Such an external memory device, however, may be vulnerable to a replacement attack, where the external memory may be removed and replaced with a different memory device containing modified boot code.
- The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate one or more implementations consistent with the principles of the invention and, together with the description, explain such implementations. The drawings are not necessarily to scale, the emphasis instead being placed upon illustrating the principles of the invention. In the drawings,
- FIG. 1 illustrates an example processing system;
- FIG. 2 is a flow chart illustrating a process of securely booting a processor; and
- FIG. 3 illustrates an example system that may include the processing system of FIG. 1.
- The following detailed description refers to the accompanying drawings. The same reference numbers may be used in different drawings to identify the same or similar elements. In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular structures, architectures, interfaces, techniques, etc. in order to provide a thorough understanding of the various aspects of the claimed invention. However, it will be apparent to those skilled in the art having the benefit of the present disclosure that the various aspects of the invention claimed may be practiced in other examples that depart from these specific details. In certain instances, descriptions of well known devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
- FIG. 1 illustrates an example processing system 100. Processing system 100 may include a processor package 110, a communication link 150, and a memory 160. Processor package 110 and memory 160 may, in some implementations, be located proximately on a single circuit board. In some implementations, package 110 and memory 160 may be more remotely situated within system 100. Memory 160 may be referred to or conceptualized as an “external” memory, because it may be external to package 110.
- Processor package 110 may include a processor 120, a boot storage 130, and an identifier (ID) storage 140. In some implementations, processor 120, boot storage 130, and ID storage 140 may be located on the same die and/or semiconductor substrate. In some implementations, processor 120, boot storage 130, and ID storage 140 may be located on different dies and/or chips that are packaged together. In some implementations, processor 120 and boot storage 130 may be located on the same die and/or semiconductor substrate, and ID storage 140 may be located on a different die and/or chip that is packaged with that of processor 120. Other variations are both possible and contemplated.
- Processor 120 may include a general-purpose or special-purpose processor configured to execute instructions or series of instructions to operate on data. In some implementations, processor 120 may be a general-purpose processing element that may execute instructions stored in boot storage 130 and/or in memory 160.
- Boot storage 130 may include a non-volatile memory, such as a read-only memory (ROM). In some implementations, boot storage 130 may store some portion of the boot code for initializing and establishing operational parameters of processor 120. In some implementations, boot storage 130 may include security verification code for verifying one or more properties of memory 160 before further booting may occur. In some implementations, boot storage 130 may be about 200 bytes to about 10 kilobytes in size, although smaller or larger sizes are possible.
- ID storage 140 may include a non-volatile memory, such as a one-time programmable (OTP) flash memory. In some implementations, ID storage 140 may include an electrically erasable programmable read-only memory (EEPROM), such as a serial EEPROM. In some implementations, ID storage 140 may include a bank of fuses that may be blown during manufacturing to store information.
- ID storage 140 may be arranged to store identification information about memory 160. In some implementations, where a relatively small amount of information (e.g., a single identifier) is to be stored in ID storage 140, it may be around 32 bits in size. Slightly larger sizes for ID storage 140 are also possible, such as 128 bits or 256 bits. In some implementations, where a larger amount of information (e.g., an identifier and other information, such as a cryptographic signature) is to be stored, ID storage 140 may be larger (e.g., around 160 bits to several kilobytes in size).
- Communication link 150 may connect processor package 110 and memory 160. Although illustrated as a single bidirectional arrow, communication link 150 may include one or more busses and/or point-to-point connections between processor package 110 and memory 160. In some implementations, communication link 150 may be implemented via conductive traces and/or wires. In some implementations, link 150 may be implemented in a non-conductive manner (e.g., optically and/or wirelessly).
- Memory 160 may include a unique identifier (ID) 170, a boot code portion 180, and a portion for storing kernel and/or application code 190. In some implementations, unique ID 170 and/or boot code 180 may be stored in OTP portions of memory 160. Memory 160 may include flash-type or other nonvolatile memory including OTP and/or many-times programmable portions.
- Unique ID 170 may be programmed into memory 160 when memory 160 is manufactured. In some implementations, unique ID 170, once programmed into memory 160, may not be rewritten or overwritten. In some implementations, unique ID 170 may be less than, for example, about 128 bits. Unique ID 170 may be sufficiently long, however, to make accidental duplication of the ID unlikely.
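As an added note on what “sufficiently long” means for unique ID 170 (this is an editorial worked bound, not part of the patent text): if $b$-bit identifiers are assigned uniformly at random to $n$ manufactured devices, the birthday bound gives the probability that at least two devices share an ID as

$$P_{\text{dup}} \approx 1 - e^{-n^2 / 2^{b+1}} \approx \frac{n^2}{2^{b+1}} \quad (n^2 \ll 2^{b+1}).$$

For $n = 10^6$ devices this yields $n^2 / 2^{33} \approx 1.2 \times 10^{2} \gg 1$ at $b = 32$, so an accidental duplicate is practically certain; $n^2 / 2^{65} \approx 2.7 \times 10^{-8}$ at $b = 64$; and $n^2 / 2^{129} \approx 1.5 \times 10^{-27}$ at $b = 128$. The bound concerns accidental duplication only: a replacement device built by an adversary who has read unique ID 170 off the original part can reproduce it regardless of $b$, which is why the text also provides the optional signature of boot code 180 (acts 225, 245 and 250).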
- Boot code 180 also may be programmed into memory 160 when memory 160 is manufactured. In some implementations, boot code 180, once programmed into memory 160, may not be rewritten or overwritten. Boot code 180 may include a remainder of code needed to boot processor 120, in addition to a security verification portion of the initializing code that may be stored in boot storage 130. In some implementations, boot code 180 may also include verification code to verify the integrity of, for example, kernel and/or applications 190.
- Kernel and/or applications 190 may include code and/or instructions to be executed by processor 120 after boot code 180. Kernel and/or applications 190 may include instructions that define a “steady state” functionality of system 100. For example, if system 100 is included in a set-top box, kernel and/or applications 190 may include an operating system and/or tuner software and/or a program guide to control playback of media information.
- FIG. 2 is a flow chart illustrating a process 200 of securely booting processor 120. Although FIG. 2 may be described with regard to system 100 for ease and clarity of explanation, it should be understood that process 200 may be performed by other systems than the specific system 100 illustrated in FIG. 1.
- Processing may begin with processor 120 executing verification code stored in boot storage 130 [act 205]. In some implementations, act 205 may occur on a system reset and/or restart or startup. The verification code may direct processor 120 to perform some or all of acts 210-255 in FIG. 2.
- Processing may continue with processor 120 retrieving at least unique ID 170 from memory 160 via communication link 150 [act 210]. In some implementations, processor 120 may send a particular command sequence to memory 160 to read unique identifier 170. For example, the design of memory 160 may necessitate a specific sequence of commands to be sent before unique ID 170 may be obtained. Such a sequence may be similar to those used to get status or write to typical flash memory devices. In some implementations, processor 120 may also retrieve a portion (e.g., some or all) of boot code 180 from memory 160 in act 210. In some implementations, processor 120 may optionally retrieve a portion of kernel and/or applications 190 in addition to boot code 180. Such optional retrieval of boot code 180 (and, optionally, kernel and/or applications 190) may facilitate optional acts 225, 245, and/or 250 (illustrated by dashed lines) described below. Although such acts may be described with regard to boot code 180 for ease of presentation, it should be understood that optional acts 225, 245, and/or 250 may also involve kernel and/or applications 190.
- If it is the first time processor 120 has executed the verification code from boot storage 130 [act 215], processor 120 may store unique ID 170 locally in ID storage 140 [act 220]. As previously mentioned with regard to FIG. 1, act 220 in ID storage 140 may be an OTP-type storage operation. In some implementations, act 220 may be performed by the manufacturer of system 100 during manufacture and/or assembly of system 100.
- Optionally, if processor 120 has retrieved a portion of boot code 180 in act 210, processor 120 may compute a cryptographic hash or digital signature (or otherwise generate a unique identifier) on boot code 180 and also locally store the resultant hash or signature, herein referred to as “signature”, in ID storage 140 [act 225]. Any now-known or later-developed hashing algorithm (such as MD5 or SHA-1), or a similar algorithm such as a Message Authentication Code (a hashing algorithm which uses a secret key, such as HMAC-MD5 or HMAC-SHA-1) or a digital signature algorithm (such as RSA, DSA, ElGamal, etc.), may be stored in boot storage 130 and used in act 225. Message Authentication Codes (MACs), which may be referred to as keyed hashes, may provide greater security in some implementations than non-keyed hashes, because knowledge of the key is implied. Acts 220, and optionally 225, may “bind” external memory 160 to processor package 110 during manufacturing and/or before the opportunity for a memory replacement attack on system 100.
- On subsequent executions of verification code [act 215], processor 120 may compare unique ID 170 from external memory 160 with a corresponding identifier in ID storage 140 [act 230]. If the identifiers do not match [act 235], the verification code executed by processor 120 may prevent further booting [act 240]. In such a case, processor 120 may not execute boot code 180, because the identity or trustworthiness of memory 160 is suspect. In some implementations, processor 120 may issue an error code or other notification to the remainder of system 100 that booting has stopped in act 240.
- If the identifiers match [act 235] and if a signature of boot code 180 is also present in ID storage 140, the verification code executed by processor 120 may compute a signature of the boot code 180 (and/or other code) read from memory 160 in act 210 [act 245]. The signature algorithm performed on boot code 180 from memory 160 may be the same as the algorithm used in act 225. If the computed signature from act 245 does not equal the corresponding signature value from ID storage 140 [act 250], the verification code executed by processor 120 may prevent system 100 from booting further [act 240], as previously described.
- If the computed signature from act 245 matches the corresponding signature value from ID storage 140 [act 250], the verification code executed by processor 120 may permit further booting from boot code 180 in external memory 160 [act 255]. In some implementations, boot code 180 may include the remainder of all boot code beyond the verification portion that is stored in boot storage 130. In some implementations, boot code 180, having been verified in act 250, may proceed to verify other code in memory 160, such as kernel and/or applications 190. In some implementations, boot code 180 may load kernel and/or applications 190 for further execution by processor 120.
- It should be noted that in implementations that do not include a signature of boot code 180, when identifiers match in act 235, processor 120 may permit booting from boot code 180 in act 255. In other words, when acts 245 and 250 are not present and/or performed, act 255 may follow act 235 when appropriate.
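The flow of acts 205 through 255 above, as a runnable model. This is an added example written for this page; it is not code from the patent or from any vendor's boot ROM. It models ID storage 140 as write-once cells (a "programmed" indicator stands in for the OTP flash or fuse bank), memory 160 as a plain record carrying unique ID 170, boot code 180 and kernel 190, and uses SHA-256 (HMAC-SHA-256 for the keyed MAC variant) in place of the MD5/SHA-1 family the text names, since neither MD5 nor SHA-1 is still considered collision-resistant. The names OtpCell, IdStorage, ExternalMemory, signature_of, verify_and_boot and run_scenarios, the binding key, the device IDs and the code contents are all constructed for the example. Comparisons use a constant-time compare, a detail the text does not state.

```python
"""Model of the FIG. 2 secure-boot flow (acts 205-255): bind on first boot, verify afterwards."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


class OtpCell:
    """Write-once storage, standing in for the OTP flash / fuse bank of ID storage 140."""

    def __init__(self) -> None:
        self._value: Optional[bytes] = None

    @property
    def programmed(self) -> bool:
        return self._value is not None

    def program(self, value: bytes) -> None:
        # A second program attempt is refused: that is what makes the binding durable.
        if self.programmed:
            raise PermissionError("OTP cell already programmed")
        self._value = bytes(value)

    def read(self) -> bytes:
        if self._value is None:
            raise ValueError("OTP cell not programmed")
        return self._value


@dataclass
class IdStorage:
    """ID storage 140 inside processor package 110: bound ID and optional bound signature."""
    unique_id: OtpCell = field(default_factory=OtpCell)
    signature: OtpCell = field(default_factory=OtpCell)


@dataclass
class ExternalMemory:
    """Memory 160: unique ID 170, boot code 180, kernel/applications 190."""
    unique_id: bytes
    boot_code: bytes
    kernel: bytes


def signature_of(boot_code: bytes, key: Optional[bytes]) -> bytes:
    """Acts 225/245: plain hash without a key, keyed hash (MAC) when boot storage 130 holds a key."""
    if key is None:
        return hashlib.sha256(boot_code).digest()
    return hmac.new(key, boot_code, hashlib.sha256).digest()


def verify_and_boot(mem: ExternalMemory, ids: IdStorage, key: Optional[bytes] = None,
                    bind_signature: bool = True) -> str:
    """Verification code from boot storage 130, acts 210-255. Returns the outcome as a label."""
    ext_id, code = mem.unique_id, mem.boot_code            # act 210: read ID 170 and boot code 180
    if not ids.unique_id.programmed:                        # act 215: first execution
        ids.unique_id.program(ext_id)                       # act 220: bind the ID
        if bind_signature:
            ids.signature.program(signature_of(code, key))  # act 225: bind the code signature
        return "BOUND"
    # acts 230/235: constant-time compare; a mismatch halts booting (act 240)
    if not hmac.compare_digest(ext_id, ids.unique_id.read()):
        return "HALT_ID_MISMATCH"
    # acts 245/250 run only when a signature was bound; otherwise act 255 follows act 235 directly
    if ids.signature.programmed and not hmac.compare_digest(
            signature_of(code, key), ids.signature.read()):
        return "HALT_SIGNATURE_MISMATCH"
    return "BOOT_FROM_EXTERNAL"                             # act 255


BIND_KEY = b"constructed per-device secret held in boot storage 130"  # constructed for the example


def run_scenarios() -> dict:
    """Constructed scenarios: normal life cycle, then two memory-replacement attacks."""
    genuine = ExternalMemory(unique_id=bytes.fromhex("0badc0de5e1f1d00"),
                             boot_code=b"genuine stage-2 boot code", kernel=b"kernel image")
    # Replacement device that reports a different ID.
    other_id = ExternalMemory(unique_id=bytes.fromhex("deadbeefcafef00d"),
                              boot_code=genuine.boot_code, kernel=genuine.kernel)
    # Replacement device that reproduces the original ID but carries modified boot code.
    same_id_bad_code = ExternalMemory(unique_id=genuine.unique_id,
                                      boot_code=b"modified stage-2 boot code", kernel=genuine.kernel)
    out = {}
    ids = IdStorage()
    out["first_boot"] = verify_and_boot(genuine, ids, BIND_KEY)
    out["reboot"] = verify_and_boot(genuine, ids, BIND_KEY)
    out["replaced_memory_new_id"] = verify_and_boot(other_id, ids, BIND_KEY)
    out["same_id_modified_code"] = verify_and_boot(same_id_bad_code, ids, BIND_KEY)
    try:
        ids.unique_id.program(other_id.unique_id)  # an attacker cannot re-bind the package
        out["otp_rewrite_refused"] = False
    except PermissionError:
        out["otp_rewrite_refused"] = True
    # Variant without act 225 (ID-only binding): a same-ID device with altered code boots.
    id_only = IdStorage()
    verify_and_boot(genuine, id_only, bind_signature=False)
    out["id_only_binding_modified_code"] = verify_and_boot(same_id_bad_code, id_only)
    return out


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:32} {outcome}")
```

The last scenario is the one worth keeping in mind when choosing between the ID-only and ID-plus-signature variants the text allows: act 235 alone only confirms that the attached device reports the expected identifier, while act 250 is what ties the executed boot code 180 to what was present at binding time. In a real boot ROM the cells would be fixed-width fuse words with a separate validity bit rather than Python objects, but the decision logic is the same.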
- FIG. 3 illustrates an example system 300 that may include processing system 100. In some implementations, system 300 may include a set-top box for interfacing with cable/satellite/internet protocol (IP)-based networks. In some implementations, system 300 may include a more general-purpose computing or processing system and components thereof. System 300 may include at least some of a network interface 310, a tuner 320, a display 330, processor system 100, storage 340, and a user interface 350 connected by at least one bus 305. Although system 300 may include some or all of elements 310-350, it may also include other elements that are not illustrated for clarity of explanation. Further, elements 310-350 may be implemented by hardware, software/firmware, or some combination thereof, and although illustrated as separate functional modules for ease of explanation, elements 310-350 may not be implemented as discrete elements within system 300.
- Further, some systems 300 may not include certain ones of elements 310-350. In some implementations, system 300, for example, may lack storage 340. Other systems 300, such as server-type systems, may lack one or more of tuner 320, display 330, and/or user interface 350.
- Network interface 310 may be arranged to transmit and receive data via one or more communication links. In some systems 300, network interface 310 may function as a switch or router, but in other systems 300, network interface 310 may function as an access point. Network interface 310 may be arranged to facilitate communication via any associated communication link(s). For example, if the associated communication links include a wireless link, network interface 310 may include circuitry and optionally an antenna arranged to send and receive wireless signals. Conversely, if the communication links include a wired link (including wires or other physical conduits such as optical fibers), network interface 310 may include circuitry and a connector arranged to send and receive signals via a wire, cable, fiber, or the like.
- Tuner 320 may include one or more devices that are arranged to separate one or more streams of information (e.g., television channel(s)) from an input media stream. Tuner 320 may also include a physical interface to receive a transport medium (e.g., a coaxial cable, Ethernet cable, wireless connection, etc.) that carries the media stream. Tuner 320 may lock onto and output a first stream of information, such as a television channel or other information, present at a first frequency range in the media stream. The particular choice of which first stream or channel is to be output by tuner 320 may be made by a user via user interface 350 or by processing system 100.
- Display 330 may include a television, monitor, projector, or other device suitable for displaying media information, such as video and/or audio. Display 330 may utilize a number of technologies for such displaying, including cathode ray tube (CRT), liquid crystal display (LCD), plasma, and/or projection-type technologies. In some situations, display 330 may receive media information to output from tuner 320. In other situations, display 330 may receive media information to output from network interface 310 and/or storage 340.
Processing system 100, after asuccessful booting process 200, may interact with storage 340 (if present) and/ortuner 320 and/ornetwork interface 310 to store and/or play media information in accordance with, for example, kernel and/orapplications 190.Processing system 100 may, for example, play or store media information to/from “local”storage 340 and/ortuner 320. In some cases, however,processing system 100 may play media information from, or store media information to, remote media systems vianetwork interface 310, as will be described in further detail below. - In addition,
processing system 100 may also perform other associated tasks in accordance with kernel and/orapplications 190, such as encoding or decoding of media information before and/or after storage instorage 340 or transfer vianetwork interface 310. For example,processing system 100 may convert media information to or from various formats, such as MPEG-1, MPEG-2, MPEG-4 (from the Moving Picture Experts Group), or any other known or later-developed media format.Processing system 100 may also control which channels of information in the media stream are selected bytuner 320. -
Storage 340 may include a solid-state, magnetic or optical storage medium, examples of which may include semiconductor-based memory, magnetic hard disks, optical disks, etc.Storage 340 may be arranged to store instructions and/or programs for execution byprocessing system 100, as well as data products of the instructions and/or programs.Storage 340 may include random access memory (RAM), read only memory (ROM), flash memory, and may include other types of storage media, such as magnetic hard drives and (read-only or writable) optical media (e.g., compact discs (CDs), digital versatile discs (DVDs), etc.) and their associated optical drives. -
User interface 350 may be arranged to supply input to a program onprocessing system 100 from a user.User interface 350 may include, for example, a keyboard, mouse, remote control, multi-purpose controller or similar device. Although shown directly connected toprocessing system 100 inFIG. 3 ,user interface 350 may, in some implementations, be functionally connected toprocessing system 100 via an intermediate device, such asdisplay 330. - The foregoing description of one or more implementations provides illustration and description, but is not intended to be exhaustive or to limit the scope of the invention to the precise form disclosed. Modifications and variations are possible in light of the above teachings or may be acquired from practice of various implementations of the invention.
- For example, although
processor 120,boot storage 130, andID storage 140 have been described as being in asingle package 110, one or more of these elements may be implemented in separate physical packages in desired. Similarly, althoughboot storage 130 and/orID storage 140 have been described as read-only and/or OTP, in some implementations, one or more ofstorages boot storage 130 and/orID storage 140 may be logical portions of the same physical storage device or structure. Moreover, in some implementations, some or all ofboot code 180 may reside inboot storage 130, instead of inmemory 160. - Further, although the loading of
unique ID 170 intoID storage 140 has been described as happening on the first boot ofprocessor 120 during manufacturing, this need not necessarily be the case. For example, in some implementations such loading ofunique ID 170 may happen during second or subsequent boots ofprocessor 120, perhaps in a deliberate operation, rather than automatically on first boot. Also, such loading ofunique ID 170 need not necessarily be performed by the manufacturer ofprocessor system 100, but rather may be performed by another entity, such as an integrator of system 100 (e.g., into system 300), and/or by a service provider at a later time. - In addition, as used herein “one time programmable” may refer to a certain element within a storage device, and not necessarily to the number of storage operations that may be performed to that device. For example, some percentage of the “one time programmable” elements in a device may be programmed at a certain time, and a remaining percentage of the “one time programmable” elements in the device may be programmed at a later time.
- Moreover, the acts in
FIG. 2 need not be implemented in the order shown; nor do all of the acts necessarily need to be performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. Further, at least some of the acts in this figure may be implemented as instructions, or groups of instructions, implemented in a machine-readable medium. - No element, act, or instruction used in the description of the present application should be construed as critical or essential to the invention unless explicitly described as such. Also, as used herein, the article “a” is intended to include one or more items. Variations and modifications may be made to the above-described implementation(s) of the claimed invention without departing substantially from the spirit and principles of the invention. All such modifications and variations are intended to be included herein within the scope of this disclosure and protected by the following claims.
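The checks of acts 225 through 255, together with the first-boot loading of unique ID 170 into ID storage 140 and the note on one-time-programmable elements above, as an added example that is not part of the patent and not Intel code: a Python model of the verification code in boot storage 130, an OTP ID storage 140, and an image in external memory 160, run through legitimate and tampered boots. Everything the page does not state is an assumption of the example: SHA-256 in the role of the unnamed signature algorithm, OTP words that read as zeros until programmed, a provisioning flag that gates the first-boot programming, the constructed image layout in which boot code 180 embeds the digest of kernel 190, and all class and function names.

```python
"""Model of the boot flow in acts 210-255 (added example, not the patent's or
Intel's code). Assumptions not on the page: SHA-256 as the signature algorithm,
OTP words reading as zeros until programmed, a provisioning flag for first boot,
and a constructed image layout in which boot code 180 carries the kernel digest."""
import hashlib
import hmac

OTP_BLANK = bytes(32)   # assumption: an unprogrammed OTP word reads as zeros
BOOT_TAG = b"BOOT180:"  # constructed image layout: tag, then kernel digest

class BootHalted(Exception):
    """Raised where act 240 would stop system 100 from booting further."""

class IdStorage:
    """ID storage 140. A programmed word can never be rewritten; words still
    blank may be programmed later, as the text says of OTP elements."""
    def __init__(self, names):
        self._words = {n: OTP_BLANK for n in names}
    def is_blank(self, name):
        return self._words[name] == OTP_BLANK
    def read(self, name):
        return self._words[name]
    def program(self, name, value):
        if len(value) != len(OTP_BLANK):
            raise ValueError("OTP word must be %d bytes" % len(OTP_BLANK))
        if not self.is_blank(name):
            raise PermissionError("OTP word %r already programmed" % name)
        self._words[name] = value

def sig(data):
    """The 'signature algorithm' of acts 225 and 245 (assumed: SHA-256)."""
    return hashlib.sha256(data).digest()

def build_external_memory(unique_id, kernel):
    """Image for memory 160 (constructed layout). The kernel digest sits
    inside boot code 180, so the act 250 check over boot code 180 also pins
    the reference value the next stage relies on."""
    return {"unique_id": unique_id, "boot_code": BOOT_TAG + sig(kernel),
            "kernel": kernel}

def boot_code_180(mem):
    """Remainder of boot code, already verified: checks kernel/apps 190."""
    expected = mem["boot_code"][len(BOOT_TAG):]
    if not hmac.compare_digest(sig(mem["kernel"]), expected):
        raise BootHalted("kernel verification failed")
    return "kernel loaded"

def verification_code(ids, mem, *, provisioning=False, check_boot_sig=True):
    """Verification portion held in boot storage 130, acts 210 through 255."""
    ident = sig(mem["unique_id"])     # act 225: identifier from unique ID 170
    boot_sig = sig(mem["boot_code"])  # act 245: signature of boot code 180
    if ids.is_blank("id"):
        # First-boot loading of unique ID 170 into ID storage 140, gated on an
        # explicit provisioning flag (assumption) so that a blank ID storage
        # cannot make a fielded unit bind itself to whatever memory 160 holds.
        if not provisioning:
            raise BootHalted("ID storage blank outside provisioning")
        ids.program("id", ident)
        if check_boot_sig:
            ids.program("boot_sig", boot_sig)
    if not hmac.compare_digest(ident, ids.read("id")):            # act 235
        raise BootHalted("identifier mismatch")                    # act 240
    if check_boot_sig and not hmac.compare_digest(boot_sig, ids.read("boot_sig")):
        raise BootHalted("boot code signature mismatch")   # act 250 -> act 240
    return boot_code_180(mem)                                      # act 255

def boot_outcome(ids, mem, **kw):
    """One boot attempt, reported as a string instead of an exception."""
    try:
        return verification_code(ids, mem, **kw)
    except BootHalted as e:
        return "halted: " + str(e)

def demo():
    """Constructed scenarios: legitimate boots, then tampered memory 160."""
    ids = IdStorage(["id", "boot_sig"])
    mem = build_external_memory(b"unit-0001", b"kernel v1")
    out = {"first_boot": boot_outcome(ids, mem, provisioning=True),
           "second_boot": boot_outcome(ids, mem)}
    # Image built for another unit: unique ID 170 differs, act 235 fails.
    out["other_unit"] = boot_outcome(ids, build_external_memory(b"unit-0002", b"kernel v1"))
    implant = b"kernel v1 + implant"
    # Kernel swapped, boot code 180 untouched: boot code 180 catches it.
    out["tampered_kernel"] = boot_outcome(ids, dict(mem, kernel=implant))
    # Kernel and boot code 180 both swapped: act 250 catches it, because the
    # signature in ID storage 140 cannot be rewritten from outside.
    tampered = dict(mem, boot_code=BOOT_TAG + sig(implant), kernel=implant)
    out["tampered_boot_code"] = boot_outcome(ids, tampered)
    # Same image on a unit provisioned without acts 245/250: only the
    # identifier is checked, so act 255 follows act 235 and the boot proceeds.
    ids_only = IdStorage(["id", "boot_sig"])
    boot_outcome(ids_only, mem, provisioning=True, check_boot_sig=False)
    out["tampered_boot_code_id_only"] = boot_outcome(ids_only, tampered, check_boot_sig=False)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print("%-28s %s" % (name, result))
```

Two points the scenarios make. The reference digest for kernel 190 is kept inside boot code 180, which act 250 has already bound to ID storage 140; a digest stored beside the kernel in memory 160 could be rewritten together with it, so each link's reference value must be covered by the previous link's check. The last scenario is what the note about omitting acts 245 and 250 means in practice: with only the identifier compared in act 235, a replaced boot code 180 that keeps unique ID 170 is not detected. The provisioning gate is the example's own addition; the text leaves open who programs ID storage 140 and when, and a part that binds on any boot with a blank ID storage binds to whatever image it sees first.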
Claims (26)
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/988,913 US8667580B2 (en) | 2004-11-15 | 2004-11-15 | Secure boot scheme from external memory using internal memory |
PCT/US2005/040443 WO2006055344A1 (en) | 2004-11-15 | 2005-11-03 | Secure boot scheme from external memory using internal memory |
GB0706017A GB2433623B (en) | 2004-11-15 | 2005-11-03 | Secure boot scheme from external memory using internal memory |
CNA2005800355277A CN101044488A (en) | 2004-11-15 | 2005-11-03 | Secure boot scheme from exterbal memory using international memory |
TW094138954A TWI320531B (en) | 2004-11-15 | 2005-11-07 | System and method for securely booting from external memory using internal memory |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/988,913 US8667580B2 (en) | 2004-11-15 | 2004-11-15 | Secure boot scheme from external memory using internal memory |
Publications (2)
Publication Number | Publication Date |
---|---|
US20060107320A1 true US20060107320A1 (en) | 2006-05-18 |
US8667580B2 US8667580B2 (en) | 2014-03-04 |
Family
ID=35811598
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/988,913 Expired - Fee Related US8667580B2 (en) | 2004-11-15 | 2004-11-15 | Secure boot scheme from external memory using internal memory |
Country Status (5)
Country | Link |
---|---|
US (1) | US8667580B2 (en) |
CN (1) | CN101044488A (en) |
GB (1) | GB2433623B (en) |
TW (1) | TWI320531B (en) |
WO (1) | WO2006055344A1 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102270229B (en) * | 2011-07-13 | 2013-02-13 | 中国人民解放军海军计算技术研究所 | Measurement method for basic input/output system (BIOS)-level system file |
JP5879520B2 (en) * | 2011-11-07 | 2016-03-08 | パナソニックIpマネジメント株式会社 | Communication system and transmission unit used therefor |
CN105556536A (en) * | 2013-09-30 | 2016-05-04 | 惠普发展公司,有限责任合伙企业 | One-time power-on password |
CN104079994B (en) * | 2014-07-07 | 2017-05-24 | 四川金网通电子科技有限公司 | Authorization system and method based on set top box card-free CA |
US10211120B2 (en) * | 2015-12-23 | 2019-02-19 | Intel Corporation | Rework grid array interposer with direct power |
US11263326B2 (en) * | 2017-06-02 | 2022-03-01 | Apple Inc. | Method and apparatus for secure system boot |
US10985922B2 (en) * | 2017-09-29 | 2021-04-20 | Taiwan Semiconductor Manufacturing Co., Ltd. | Device with self-authentication |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5805711A (en) * | 1993-12-21 | 1998-09-08 | Francotyp-Postalia Ag & Co. | Method of improving the security of postage meter machines |
US5937063A (en) * | 1996-09-30 | 1999-08-10 | Intel Corporation | Secure boot |
US20020144104A1 (en) * | 2001-04-02 | 2002-10-03 | Springfield Randall Scott | Method and system for providing a trusted flash boot source |
US20030084316A1 (en) * | 2001-10-30 | 2003-05-01 | Schwartz Jeffrey D. | System and method for securing a computer |
US20040003209A1 (en) * | 2002-06-28 | 2004-01-01 | Hitachi Ltd. | Data processor |
US20040107309A1 (en) * | 1999-10-22 | 2004-06-03 | Sony Corporation | Data rewriting apparatus, control method, and recording medium |
US6791157B1 (en) * | 2000-01-18 | 2004-09-14 | Advanced Micro Devices, Inc. | Integrated circuit package incorporating programmable elements |
US20040184605A1 (en) * | 2003-03-13 | 2004-09-23 | New Mexico Technical Research Foundation | Information security via dynamic encryption with hash function |
US20040221044A1 (en) * | 2003-05-02 | 2004-11-04 | Oren Rosenbloom | System and method for facilitating communication between a computing device and multiple categories of media devices |
US20050076226A1 (en) * | 2003-10-01 | 2005-04-07 | International Business Machines Corporation | Computing device that securely runs authorized software |
US20050267949A1 (en) * | 2004-05-27 | 2005-12-01 | Microsoft Corporation | Strategies for consuming resource items based on a resource item list |
US20050283601A1 (en) * | 2004-06-22 | 2005-12-22 | Sun Microsystems, Inc. | Systems and methods for securing a computer boot |
US20060265446A1 (en) * | 2004-04-14 | 2006-11-23 | Ipass Inc. | Dynamic executable |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5509120A (en) | 1993-11-30 | 1996-04-16 | International Business Machines Corporation | Method and system for detecting computer viruses during power on self test |
EP1429224A1 (en) | 2002-12-10 | 2004-06-16 | Texas Instruments Incorporated | Firmware run-time authentication |
2004
- 2004-11-15 US US10/988,913 patent/US8667580B2/en not_active Expired - Fee Related
2005
- 2005-11-03 WO PCT/US2005/040443 patent/WO2006055344A1/en active Application Filing
- 2005-11-03 GB GB0706017A patent/GB2433623B/en not_active Expired - Fee Related
- 2005-11-03 CN CNA2005800355277A patent/CN101044488A/en active Pending
- 2005-11-07 TW TW094138954A patent/TWI320531B/en not_active IP Right Cessation
Cited By (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070076611A1 (en) * | 2005-10-05 | 2007-04-05 | Fujitsu Limited | Detecting anomalies from acceptable traffic affected by anomalous traffic |
US8375189B2 (en) | 2005-12-30 | 2013-02-12 | Intel Corporation | Configuring levels of program/erase protection in flash devices |
US20070157000A1 (en) * | 2005-12-30 | 2007-07-05 | Shekoufeh Qawami | Configuring levels of program/erase protection in flash devices |
US20080077592A1 (en) * | 2006-09-27 | 2008-03-27 | Shane Brodie | method and apparatus for device authentication |
US20080141015A1 (en) * | 2006-12-06 | 2008-06-12 | Glen Edmond Chalemin | System and method for operating system deployment in a peer-to-peer computing environment |
US20090110190A1 (en) * | 2007-10-30 | 2009-04-30 | Sandisk Il Ltd. | Fast secure boot implementation |
US20090150464A1 (en) * | 2007-12-05 | 2009-06-11 | Samsung Electronics Co. Ltd. | Apparatus and method for managing metadata in portable terminal |
US9069789B2 (en) | 2007-12-05 | 2015-06-30 | Samsung Electronics Co., Ltd. | Apparatus and method for managing metadata in portable terminal |
KR101237527B1 (en) * | 2008-02-29 | 2013-02-26 | 글로벌파운드리즈 인크. | A computer system comprising a secure boot mechanism |
US20090222653A1 (en) * | 2008-02-29 | 2009-09-03 | Ralf Findeisen | Computer system comprising a secure boot mechanism |
US8656146B2 (en) * | 2008-02-29 | 2014-02-18 | Globalfoundries Inc. | Computer system comprising a secure boot mechanism |
TWI498768B (en) * | 2008-02-29 | 2015-09-01 | Globalfoundries Us Inc | A computer system comprising a secure boot mechanism, a method for starting a computer system, and a central processing unit |
US9143328B2 (en) * | 2008-05-16 | 2015-09-22 | Hewlett-Packard Development Company, L.P. | System and method for providing a system management command |
US20110066839A1 (en) * | 2008-05-16 | 2011-03-17 | Lan Wang | System And Method For Providing A System Management Command |
WO2011000722A1 (en) * | 2009-07-03 | 2011-01-06 | Gemalto Sa | Method for remotely validating executable code |
US20150012737A1 (en) * | 2013-07-04 | 2015-01-08 | Microsemi SoC Corporation | Secure Boot for Unsecure Processors |
US9953166B2 (en) * | 2013-07-04 | 2018-04-24 | Microsemi SoC Corporation | Method for securely booting target processor in target system using a secure root of trust to verify a returned message authentication code recreated by the target processor |
US10127374B2 (en) | 2014-02-27 | 2018-11-13 | Microsemi SoC Corporation | Methods for controlling the use of intellectual property in individual integrated circuit devices |
US10114369B2 (en) | 2014-06-24 | 2018-10-30 | Microsemi SoC Corporation | Identifying integrated circuit origin using tooling signature |
JP2016062551A (en) * | 2014-09-22 | 2016-04-25 | 株式会社東芝 | Information processing device |
US10353638B2 (en) | 2014-11-18 | 2019-07-16 | Microsemi SoC Corporation | Security method and apparatus to prevent replay of external memory data to integrated circuits having only one-time programmable non-volatile memory |
US10936758B2 (en) | 2016-01-15 | 2021-03-02 | Blockchain ASICs Inc. | Cryptographic ASIC including circuitry-encoded transformation function |
US10009339B2 (en) * | 2016-03-31 | 2018-06-26 | Intel Corporation | System, apparatus and method for securely protecting a processor in transit |
US20170289129A1 (en) * | 2016-03-31 | 2017-10-05 | Sergiu D. Ghetie | System, Apparatus And Method For Securely Protecting A Processor In Transit |
US20170329976A1 (en) * | 2016-05-11 | 2017-11-16 | Fuji Xerox Co., Ltd. | Information processing apparatus, information processing method, and non-transitory computer readable medium |
US10657268B2 (en) * | 2016-05-11 | 2020-05-19 | Fuji Xerox Co., Ltd. | Information processing apparatus, information processing method, and non-transitory computer readable medium to verify validity of backup data |
US10740466B1 (en) * | 2016-09-29 | 2020-08-11 | Amazon Technologies, Inc. | Securing interfaces of a compute node |
US11093258B2 (en) * | 2016-12-15 | 2021-08-17 | Shenyang Institute Of Automation, Chinese Academy Of Sciences | Method for trusted booting of PLC based on measurement mechanism |
US10404674B1 (en) | 2017-02-28 | 2019-09-03 | Amazon Technologies, Inc. | Efficient memory management in multi-tenant virtualized environment |
US10474359B1 (en) | 2017-02-28 | 2019-11-12 | Amazon Technologies, Inc. | Write minimization for de-allocated memory |
US10901627B1 (en) | 2017-02-28 | 2021-01-26 | Amazon Technologies, Inc. | Tracking persistent memory usage |
US10885228B2 (en) | 2018-03-20 | 2021-01-05 | Blockchain ASICs Inc. | Cryptographic ASIC with combined transformation and one-way functions |
US10607030B2 (en) | 2018-04-25 | 2020-03-31 | Blockchain Asics Llc | Cryptographic ASIC with onboard permanent context storage and exchange |
US10796024B2 (en) | 2018-04-25 | 2020-10-06 | Blockchain ASICs Inc. | Cryptographic ASIC for derivative key hierarchy |
US10607031B2 (en) | 2018-04-25 | 2020-03-31 | Blockchain Asics Llc | Cryptographic ASIC with autonomous onboard permanent storage |
US10607032B2 (en) | 2018-04-25 | 2020-03-31 | Blockchain Asics Llc | Cryptographic ASIC for key hierarchy enforcement |
US11042669B2 (en) | 2018-04-25 | 2021-06-22 | Blockchain ASICs Inc. | Cryptographic ASIC with unique internal identifier |
US10404463B1 (en) * | 2018-04-25 | 2019-09-03 | Blockchain Asics Llc | Cryptographic ASIC with self-verifying unique internal identifier |
US11093655B2 (en) | 2018-04-25 | 2021-08-17 | Blockchain ASICs Inc. | Cryptographic ASIC with onboard permanent context storage and exchange |
US11093654B2 (en) * | 2018-04-25 | 2021-08-17 | Blockchain ASICs Inc. | Cryptographic ASIC with self-verifying unique internal identifier |
US11341248B2 (en) * | 2018-12-21 | 2022-05-24 | Intel Corporation | Method and apparatus to prevent unauthorized operation of an integrated circuit in a computer system |
US11301567B2 (en) * | 2020-02-03 | 2022-04-12 | Dell Products L.P. | Systems and methods for automatic boot to authenticated external device |
US11409865B1 (en) * | 2021-08-16 | 2022-08-09 | Cyberark Software Ltd. | Verification code injection at build time |
Also Published As
Publication number | Publication date |
---|---|
GB2433623A (en) | 2007-06-27 |
CN101044488A (en) | 2007-09-26 |
TWI320531B (en) | 2010-02-11 |
US8667580B2 (en) | 2014-03-04 |
TW200625089A (en) | 2006-07-16 |
WO2006055344A1 (en) | 2006-05-26 |
GB2433623B (en) | 2008-11-12 |
GB0706017D0 (en) | 2007-05-09 |
Legal Events
Code | Title | Description |
---|---|---|
AS | Assignment | Owner name: INTEL CORPORATION, CALIFORNIA. ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: BHATT, DHIRAJ; AUZAS, ERIC; SIGNING DATES FROM 20041112 TO 20041115; REEL/FRAME: 016006/0449 |
FEPP | Fee payment procedure | PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
STCF | Information on status: patent grant | PATENTED CASE |
MAFP | Maintenance fee payment | PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); Year of fee payment: 4 |
FEPP | Fee payment procedure | MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
LAPS | Lapse for failure to pay maintenance fees | PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
STCH | Information on status: patent discontinuation | PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
FP | Lapsed due to failure to pay maintenance fee | Effective date: 20220304 |